PT-2010-4918 · Oracle+2 · Java Se+4

Published

2010-10-13

·

Updated

2018-10-30

·

CVE-2010-3557

CVSS v2.0

6.8

Medium

VectorAV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions Oracle Java SE and Java for Business versions 6 Update 21, 5.0 Update 25, 1.4.2 27, and 1.3.1 28
Description The issue affects the confidentiality, integrity, and availability of systems due to an unspecified vulnerability in the Swing component. This allows remote attackers to exploit the system via unknown vectors. There are claims from a reliable downstream vendor that this issue may be related to the modification of behavior and state of certain JDK classes and mutable static, although Oracle has not commented on these claims.
Recommendations For Oracle Java SE and Java for Business version 6 Update 21, update to a version that includes the October 2010 CPU fixes. For Oracle Java SE and Java for Business version 5.0 Update 25, update to a version that includes the October 2010 CPU fixes. For Oracle Java SE and Java for Business version 1.4.2 27, update to a version that includes the October 2010 CPU fixes. For Oracle Java SE and Java for Business version 1.3.1 28, update to a version that includes the October 2010 CPU fixes.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

CVE-2010-3557
HPSBUX02608
RHSA-2010:0768
RHSA-2010:0770
RHSA-2010:0786
RHSA-2010:0865
RHSA-2010:0986
RHSA-2010:0987
RHSA-2010_0768
RHSA-2010_0865
RHSA-2010_0987
RHSA-2011:0169
RHSA-2011:0880
RHSA-2011_0169

Affected Products

Hp-Ux
Java Platform
Java Se
Java For Business
Red Hat